SlideShare a Scribd company logo

Learn OSPF(Open Short Path First) routing to day

Download as ppt, pdf
S
SilasHAKUZWIMANA

This is an introduction to OSPF.

1 of 38

Download presentation

Your download has started
Download to read offline
1
OSPF (Open Short Path First)
2
Characteristics of OSPF’s hierarchical design First, let’s start with a review of the characteristics of OSPF’s hierarchical design. Recall that OSPF allows for the creation of multiple areas so that the network administrator can:  Reduce the size of routing tables  Isolate topology changes as much as possible to the area in which they occur  Allow only summary Link state advertisements (LSA) updates to cross area boundaries and Reap all the benefits of using a hierarchical addressing scheme.
3
 Minimizes routing table entries  Localizes impact of a topology change within an area  Detailed Link State Advertisement (LSA) flooding stops at the area boundary  Requires a hierarchical network design OSPF Areas Review of OSPF area characteristics:
4
 Transit Area: Also known as Backbone Area 0  Regular Area: Also known as Nonbackbone areas OSPF Areas New terminology for areas:
5
OSPF Areas •The backbone area is also referred to as a transit area. •Another type of transit area is one that is configured with virtual links. •Virtual links are a temporary solution when an organization has two backbones that are physically and logically disconnected. •A virtual link between the two backbones is also called a transit area. •All other areas are known as regular areas (standard areas, stub areas, totally stubby areas, and NSSAs)
6
OSPF Database • OSPF maintains three databases • Adjacency Database (show ip ospf neighbor) • Link-state Database (show ip ospf database) • Forwarding Database (show ip route)
7
OSPF Database • Remember that OSPF uses three databases in its operation:  The Adjacency Database is a table listing all OSPF neighbors with which the local router has established bidirectional communication. Display this table with the show ip ospf neighbor command.  The Link-state Database is a table listing all other routers in the network. This database shows the network topology. All OSPF routers in the same area have identical Link-state Databases. Display this table with the show ip ospf database command.  The Forwarding Database is simply the routing table. It includes a list of all routes generated when the SPF algorithm is calculated on the Link-state Database. Display this table with the show ip route command.
8
What is LSDB? • LSDB is an acronym for Link-state Database. • LSAs and the Link-state Database
9
LSA Sequence Numbering • Each LSA in the LSDB maintains a sequence number. • The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7…..F. • OSPF floods each LSA every 30 minutes to maintain proper database synchronization. Each time the LSA is flooded, the sequence number is incremented by one. • Ultimately, an LSA sequence number will wrap around to 0x80000001. When this occurs, the existing LSA is prematurely aged to maxage (one hour) and flushed. • When a router encounters two instances of an LSA, it must determine which is more recent. The LSA having the newer (higher) LS sequence number is more recent.
10
The OSPF Link-State Database • The show ip ospf database command displays the current LSDB for the local router. . RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5
11
RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 106 0x80000006 0x00D3B1 5 192.168.1.253 192.168.1.253 58 0x80000007 0x009D92 5 RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5 Verifying LSA Age and Sequence Number • In the first output below, notice the age timer will expire sometime after 1800 seconds or 30 minutes.  A few minutes later, the router has received an LSU for both links. Note the refreshed age timer and incremented sequence number.
12
Basic OSPF Configuration
13
Configuring OSPF • An excellent resource for information on the many different OSPF configurations is the Cisco white paper, “Configuring OSPF”, which can be downloaded from the Cisco website: http://www.cisco.com/en/US/products/sw/ iosswrel/ps1835/ products_configuration_guide_chapter09186a00 800b3f2e.html
14
router ospf process-id [vrf vpn-name] Router(config)#  Enable one or more OSPF routing processes. Configuring Basic OSPF network ip-address wildcard-mask area area-id Router(config-router)#  Define the interfaces that OSPF will run on. Router(config-if)# ip ospf process-id area area-id [secondaries none]  Optional method to enable OSPF explicitly on an interface.
15
Configuring OSPF for Multiple Areas Example: Configuring OSPF for Multiple Areas The figure shows an example of multiarea OSPF configuration. Router A is in area 0, router C is in area 1, and router B is the area border router (ABR) between the two areas. The configuration for router A is nothing new. However although Router B has a network statement for area 0 within the OSPF routing process, notice that the configuration for area 1 uses the ip ospf 50 area 1 command on the interface. Alternatively, we could have used a separate network router configuration command in the OSPF routing process.
16
OSPF Router ID • The router is known to OSPF by the OSPF router ID number • LSDBs use the OSPF router ID to differentiate one router from the next. • By default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup. If no interface is up when the OSPF process starts, you will get the following error message: p5r2(config)#router ospf 1 2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start. • A loopback interface can override the OSPF router ID. If a loopback interface exists, the router ID is the highest IP address on any active loopback interface. • The OSPF router-id command can be used to override the OSPF router ID. • Using a loopback interface or a router-id command is recommended for stability.
17
router-id ip-address  This command is configured under the router ospf [process-id] command.  Any unique arbitrary 32-bit value in an IP address format (dotted decimal) can be used.  If this command is used on an OSPF process that is already active, then the new router ID takes effect after the next reload or after a manual restarting of the OSPF process using: OSPF router-id Command Router(config-router)# Router(config)#router ospf 1 Router(config-router)#router-id 172.16.1.1 Router#clear ip ospf process Router#clear ip ospf process
18
Virtual Link Concepts and Configuration
19
Virtual Links • Virtual links are used to connect a discontiguous area to area 0. • A logical connection is built between router A and router B. • Virtual links are recommended for backup or temporary connections.
20
Special Treatment for LSAs on Virtual Links • LSAs usually age out after 30 minutes • LSAs learned across virtual links have the DoNotAge (DNA) option set • Required to prevent excessive flooding over virtual links
21
Configuring Virtual Links • Creates a virtual link • Optional parameters are used in place of interface ip ospf commands area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]] Router(config-router)#
22
RouterA#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.2.2.2 is up Run as demand circuit DoNotAge LSA allowed. Transit area 1, via interface Serial0/0/1, Cost of using 781 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:07 Adjacency State FULL (Hello suppressed) Index 1/2, retransmission queue length 0, number of retransmission 1 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 1 Last retransmission scan time is 0 msec, maximum is 0 msec Configuring and Verifying a Virtual Link
23
OSPF Authentication
24
• OSPF supports 2 types of authentication: •Simple password authentication (plain text) •MD5 authentication • Router generates and checks each packet and authenticates the source of each update packet it receives • Configure a “key” (password) •Note: all participating neighbors must have the same key configured OSPF Authentication Types
25
Configuring Simple Password Authentication ip ospf authentication-key password Router(config-if)# • Assign a password to be used with neighboring routers. Router(config-if)# ip ospf authentication [message-digest | null] • Specifies the authentication type for an interface (since IOS 12.0). Router(config-router)# area area-id authentication [message-digest] • Specifies the authentication type for an area (was in IOS before 12.0).
26
Example Simple Password Authentication Configuration
27
R2 Configuration for Simple Password Authentication <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication ip ospf authentication-key plainpas <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
28
Verifying Simple Password Authentication R1#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
29
Configuring OSPF MD5 Authentication • Specifies the authentication type for an area (was in IOS before 12.0). area area-id authentication [message-digest] • Specifies the authentication type for an interface (since IOS 12.0). ip ospf authentication [message-digest | null] ip ospf message-digest-key key-id md5 key Router(config-if)# • Assign a key ID and key to be used with neighboring routers. Router(config-if)# Router(config-router)#
30
Example MD5 Authentication Configuration
31
R2 Configuration for MD5 Authenticaiton <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 secretpass <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
32
Verifying MD5 Authentication R1#sho ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
33
Troubleshooting Simple Password Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on R1# <output omitted> *Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x9B6 opt 0x52 flag 0x7 len 32 *Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23ED opt0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23ED opt 0x52 flag 0x2 len 72 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:34 192.168.1.102 Serial0/0/1 • Displays the OSPF adjacency-related events. debug ip ospf adj Router#
34
Troubleshooting Simple Password Authentication Problems R1# *Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - Clear Text R2# *Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - Clear Text Simple authentication on R1 and R2, but different passwords: R1# *Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1 R2# *Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0 Simple authentication on R1, no authentication on R2:
35
Troubleshooting MD5 Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on <output omitted> *Feb 17 17:14:06.530: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt 0x52 flag 0x7 len 32 *Feb 17 17:14:06.546: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x2 len 72 *Feb 17 17:14:06.562: OSPF: Send with youngest Key 1 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1
36
Troubleshooting MD5 Authentication Problems MD5 authentication on both R1 and R2, but R1 has key 1 and R2 has key 2, both with the same passwords: R1# *Feb 17 17:56:16.530: OSPF: Send with youngest Key 1 *Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - No message digest key 2 on interface *Feb 17 17:56:26.530: OSPF: Send with youngest Key 1 R2# *Feb 17 17:55:28.226: OSPF: Send with youngest Key 2 *Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - No message digest key 1 on interface *Feb 17 17:55:38.226: OSPF: Send with youngest Key 2
37
LAB Configuration of Dynamic Routing-OSPF How to configure OSPF Routing Protocol
38
Routing Resources 1. Static Routing Configuration Guide with Examples 2. RIP Protocol configuration Guide with Examples 3. Basic OSPF Configuration 4. OSPF Routing Protocol Overview - Study CCNA 5. How to Configure EIGRP on Cisco Routers (With Example)
OSPF (Open Short Path First)
Characteristics of OSPF’s hierarchical design First, let’s start with a review of the characteristics of OSPF’s hierarchical design. Recall that OSPF allows for the creation of multiple areas so that the network administrator can:  Reduce the size of routing tables  Isolate topology changes as much as possible to the area in which they occur  Allow only summary Link state advertisements (LSA) updates to cross area boundaries and Reap all the benefits of using a hierarchical addressing scheme.
 Minimizes routing table entries  Localizes impact of a topology change within an area  Detailed Link State Advertisement (LSA) flooding stops at the area boundary  Requires a hierarchical network design OSPF Areas Review of OSPF area characteristics:
 Transit Area: Also known as Backbone Area 0  Regular Area: Also known as Nonbackbone areas OSPF Areas New terminology for areas:
OSPF Areas •The backbone area is also referred to as a transit area. •Another type of transit area is one that is configured with virtual links. •Virtual links are a temporary solution when an organization has two backbones that are physically and logically disconnected. •A virtual link between the two backbones is also called a transit area. •All other areas are known as regular areas (standard areas, stub areas, totally stubby areas, and NSSAs)
OSPF Database • OSPF maintains three databases • Adjacency Database (show ip ospf neighbor) • Link-state Database (show ip ospf database) • Forwarding Database (show ip route)
OSPF Database • Remember that OSPF uses three databases in its operation:  The Adjacency Database is a table listing all OSPF neighbors with which the local router has established bidirectional communication. Display this table with the show ip ospf neighbor command.  The Link-state Database is a table listing all other routers in the network. This database shows the network topology. All OSPF routers in the same area have identical Link-state Databases. Display this table with the show ip ospf database command.  The Forwarding Database is simply the routing table. It includes a list of all routes generated when the SPF algorithm is calculated on the Link-state Database. Display this table with the show ip route command.
What is LSDB? • LSDB is an acronym for Link-state Database. • LSAs and the Link-state Database
LSA Sequence Numbering • Each LSA in the LSDB maintains a sequence number. • The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7…..F. • OSPF floods each LSA every 30 minutes to maintain proper database synchronization. Each time the LSA is flooded, the sequence number is incremented by one. • Ultimately, an LSA sequence number will wrap around to 0x80000001. When this occurs, the existing LSA is prematurely aged to maxage (one hour) and flushed. • When a router encounters two instances of an LSA, it must determine which is more recent. The LSA having the newer (higher) LS sequence number is more recent.
The OSPF Link-State Database • The show ip ospf database command displays the current LSDB for the local router. . RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5
RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 106 0x80000006 0x00D3B1 5 192.168.1.253 192.168.1.253 58 0x80000007 0x009D92 5 RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5 Verifying LSA Age and Sequence Number • In the first output below, notice the age timer will expire sometime after 1800 seconds or 30 minutes.  A few minutes later, the router has received an LSU for both links. Note the refreshed age timer and incremented sequence number.
Basic OSPF Configuration
Configuring OSPF • An excellent resource for information on the many different OSPF configurations is the Cisco white paper, “Configuring OSPF”, which can be downloaded from the Cisco website: http://www.cisco.com/en/US/products/sw/ iosswrel/ps1835/ products_configuration_guide_chapter09186a00 800b3f2e.html
router ospf process-id [vrf vpn-name] Router(config)#  Enable one or more OSPF routing processes. Configuring Basic OSPF network ip-address wildcard-mask area area-id Router(config-router)#  Define the interfaces that OSPF will run on. Router(config-if)# ip ospf process-id area area-id [secondaries none]  Optional method to enable OSPF explicitly on an interface.
Configuring OSPF for Multiple Areas Example: Configuring OSPF for Multiple Areas The figure shows an example of multiarea OSPF configuration. Router A is in area 0, router C is in area 1, and router B is the area border router (ABR) between the two areas. The configuration for router A is nothing new. However although Router B has a network statement for area 0 within the OSPF routing process, notice that the configuration for area 1 uses the ip ospf 50 area 1 command on the interface. Alternatively, we could have used a separate network router configuration command in the OSPF routing process.
OSPF Router ID • The router is known to OSPF by the OSPF router ID number • LSDBs use the OSPF router ID to differentiate one router from the next. • By default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup. If no interface is up when the OSPF process starts, you will get the following error message: p5r2(config)#router ospf 1 2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start. • A loopback interface can override the OSPF router ID. If a loopback interface exists, the router ID is the highest IP address on any active loopback interface. • The OSPF router-id command can be used to override the OSPF router ID. • Using a loopback interface or a router-id command is recommended for stability.
router-id ip-address  This command is configured under the router ospf [process-id] command.  Any unique arbitrary 32-bit value in an IP address format (dotted decimal) can be used.  If this command is used on an OSPF process that is already active, then the new router ID takes effect after the next reload or after a manual restarting of the OSPF process using: OSPF router-id Command Router(config-router)# Router(config)#router ospf 1 Router(config-router)#router-id 172.16.1.1 Router#clear ip ospf process Router#clear ip ospf process
Virtual Link Concepts and Configuration
Virtual Links • Virtual links are used to connect a discontiguous area to area 0. • A logical connection is built between router A and router B. • Virtual links are recommended for backup or temporary connections.
Special Treatment for LSAs on Virtual Links • LSAs usually age out after 30 minutes • LSAs learned across virtual links have the DoNotAge (DNA) option set • Required to prevent excessive flooding over virtual links
Configuring Virtual Links • Creates a virtual link • Optional parameters are used in place of interface ip ospf commands area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]] Router(config-router)#
RouterA#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.2.2.2 is up Run as demand circuit DoNotAge LSA allowed. Transit area 1, via interface Serial0/0/1, Cost of using 781 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:07 Adjacency State FULL (Hello suppressed) Index 1/2, retransmission queue length 0, number of retransmission 1 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 1 Last retransmission scan time is 0 msec, maximum is 0 msec Configuring and Verifying a Virtual Link
OSPF Authentication
• OSPF supports 2 types of authentication: •Simple password authentication (plain text) •MD5 authentication • Router generates and checks each packet and authenticates the source of each update packet it receives • Configure a “key” (password) •Note: all participating neighbors must have the same key configured OSPF Authentication Types
Configuring Simple Password Authentication ip ospf authentication-key password Router(config-if)# • Assign a password to be used with neighboring routers. Router(config-if)# ip ospf authentication [message-digest | null] • Specifies the authentication type for an interface (since IOS 12.0). Router(config-router)# area area-id authentication [message-digest] • Specifies the authentication type for an area (was in IOS before 12.0).
Example Simple Password Authentication Configuration
R2 Configuration for Simple Password Authentication <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication ip ospf authentication-key plainpas <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
Verifying Simple Password Authentication R1#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Configuring OSPF MD5 Authentication • Specifies the authentication type for an area (was in IOS before 12.0). area area-id authentication [message-digest] • Specifies the authentication type for an interface (since IOS 12.0). ip ospf authentication [message-digest | null] ip ospf message-digest-key key-id md5 key Router(config-if)# • Assign a key ID and key to be used with neighboring routers. Router(config-if)# Router(config-router)#
Example MD5 Authentication Configuration
R2 Configuration for MD5 Authenticaiton <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 secretpass <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
Verifying MD5 Authentication R1#sho ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Troubleshooting Simple Password Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on R1# <output omitted> *Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x9B6 opt 0x52 flag 0x7 len 32 *Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23ED opt0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23ED opt 0x52 flag 0x2 len 72 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:34 192.168.1.102 Serial0/0/1 • Displays the OSPF adjacency-related events. debug ip ospf adj Router#
Troubleshooting Simple Password Authentication Problems R1# *Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - Clear Text R2# *Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - Clear Text Simple authentication on R1 and R2, but different passwords: R1# *Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1 R2# *Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0 Simple authentication on R1, no authentication on R2:
Troubleshooting MD5 Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on <output omitted> *Feb 17 17:14:06.530: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt 0x52 flag 0x7 len 32 *Feb 17 17:14:06.546: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x2 len 72 *Feb 17 17:14:06.562: OSPF: Send with youngest Key 1 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1
Troubleshooting MD5 Authentication Problems MD5 authentication on both R1 and R2, but R1 has key 1 and R2 has key 2, both with the same passwords: R1# *Feb 17 17:56:16.530: OSPF: Send with youngest Key 1 *Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - No message digest key 2 on interface *Feb 17 17:56:26.530: OSPF: Send with youngest Key 1 R2# *Feb 17 17:55:28.226: OSPF: Send with youngest Key 2 *Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - No message digest key 1 on interface *Feb 17 17:55:38.226: OSPF: Send with youngest Key 2
LAB Configuration of Dynamic Routing-OSPF How to configure OSPF Routing Protocol
Routing Resources 1. Static Routing Configuration Guide with Examples 2. RIP Protocol configuration Guide with Examples 3. Basic OSPF Configuration 4. OSPF Routing Protocol Overview - Study CCNA 5. How to Configure EIGRP on Cisco Routers (With Example)

Recommended

BSCI30S03 OSPF open shortest path first .ppt
BSCI30S03 OSPF open shortest path first .pptBSCI30S03 OSPF open shortest path first .ppt
BSCI30S03 OSPF open shortest path first .ppt
hodeve9961
 
Cisco ospf
Cisco ospf Cisco ospf
Cisco ospf
sarasanandam
 
Cisco ospf
Cisco ospf Cisco ospf
Cisco ospf
sarasanandam
 
Ospf
Ospf Ospf
Ospf
DeeN Mohammad
 
OSPF- Multi area
OSPF- Multi area OSPF- Multi area
OSPF- Multi area
Ahmed Ali
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
Muuluu
 
20407473 ospf
20407473 ospf20407473 ospf
20407473 ospf
bui thequan
 
Ospf hassan jamal.ppt
Ospf hassan jamal.pptOspf hassan jamal.ppt
Ospf hassan jamal.ppt
almazeedihassan
 
Allwyn ospf ppt
Allwyn ospf pptAllwyn ospf ppt
Allwyn ospf ppt
Allwyngeorge4
 
Day 12 enabling ospf
Day 12 enabling ospfDay 12 enabling ospf
Day 12 enabling ospf
CYBERINTELLIGENTS
 
Ospf Cisco
Ospf CiscoOspf Cisco
Ospf Cisco
Alp isik
 
OSPF Fundamental
OSPF FundamentalOSPF Fundamental
OSPF Fundamental
Reza Farahani
 
OSPF - Copie.pptx
OSPF - Copie.pptxOSPF - Copie.pptx
OSPF - Copie.pptx
MAROUANEAZZA3
 
OSPF v3
OSPF v3OSPF v3
OSPF v3
Irsandi Hasan
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Sabiulla Barkathullah
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
AHMED NADIM JILANI
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
danishrafiq
 
Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01
Sachin Morya
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
ospf-config.pdf
ospf-config.pdfospf-config.pdf
ospf-config.pdf
Denis Rasskazov
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
OSPF Overview
OSPF OverviewOSPF Overview
OSPF Overview
NetProtocol Xpert
 
9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt
MutacalimMohamed
 
Rtchap5
Rtchap5Rtchap5
Rtchap5
Robert Marburg
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
Edgardo Scrimaglia
 
OSPF by Abdullah Mukhtar
OSPF by Abdullah MukhtarOSPF by Abdullah Mukhtar
OSPF by Abdullah Mukhtar
Abdullah Mukhtar
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Reetesh Gupta
 
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGYHUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
DHARMENDRA SAHU
 
How to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRMHow to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRM
Celine George
 

More Related Content

Similar to Learn OSPF(Open Short Path First) routing to day (20)

Allwyn ospf ppt
Allwyn ospf pptAllwyn ospf ppt
Allwyn ospf ppt
Allwyngeorge4
 
Day 12 enabling ospf
Day 12 enabling ospfDay 12 enabling ospf
Day 12 enabling ospf
CYBERINTELLIGENTS
 
Ospf Cisco
Ospf CiscoOspf Cisco
Ospf Cisco
Alp isik
 
OSPF Fundamental
OSPF FundamentalOSPF Fundamental
OSPF Fundamental
Reza Farahani
 
OSPF - Copie.pptx
OSPF - Copie.pptxOSPF - Copie.pptx
OSPF - Copie.pptx
MAROUANEAZZA3
 
OSPF v3
OSPF v3OSPF v3
OSPF v3
Irsandi Hasan
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Sabiulla Barkathullah
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
AHMED NADIM JILANI
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
danishrafiq
 
Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01
Sachin Morya
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
ospf-config.pdf
ospf-config.pdfospf-config.pdf
ospf-config.pdf
Denis Rasskazov
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
OSPF Overview
OSPF OverviewOSPF Overview
OSPF Overview
NetProtocol Xpert
 
9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt
MutacalimMohamed
 
Rtchap5
Rtchap5Rtchap5
Rtchap5
Robert Marburg
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
Edgardo Scrimaglia
 
OSPF by Abdullah Mukhtar
OSPF by Abdullah MukhtarOSPF by Abdullah Mukhtar
OSPF by Abdullah Mukhtar
Abdullah Mukhtar
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Reetesh Gupta
 
Allwyn ospf ppt
Allwyn ospf pptAllwyn ospf ppt
Allwyn ospf ppt
Allwyngeorge4
 
Day 12 enabling ospf
Day 12 enabling ospfDay 12 enabling ospf
Day 12 enabling ospf
CYBERINTELLIGENTS
 
Ospf Cisco
Ospf CiscoOspf Cisco
Ospf Cisco
Alp isik
 
OSPF Fundamental
OSPF FundamentalOSPF Fundamental
OSPF Fundamental
Reza Farahani
 
OSPF - Copie.pptx
OSPF - Copie.pptxOSPF - Copie.pptx
OSPF - Copie.pptx
MAROUANEAZZA3
 
OSPF v3
OSPF v3OSPF v3
OSPF v3
Irsandi Hasan
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Sabiulla Barkathullah
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
AHMED NADIM JILANI
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
danishrafiq
 
Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01
Sachin Morya
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
ospf-config.pdf
ospf-config.pdfospf-config.pdf
ospf-config.pdf
Denis Rasskazov
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
1cospf
1cospf1cospf
1cospf
andersonaguimaraes
 
OSPF Overview
OSPF OverviewOSPF Overview
OSPF Overview
NetProtocol Xpert
 
9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt9- Single Area OSPF on in networking.ppt
9- Single Area OSPF on in networking.ppt
MutacalimMohamed
 
Rtchap5
Rtchap5Rtchap5
Rtchap5
Robert Marburg
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
Edgardo Scrimaglia
 
OSPF by Abdullah Mukhtar
OSPF by Abdullah MukhtarOSPF by Abdullah Mukhtar
OSPF by Abdullah Mukhtar
Abdullah Mukhtar
 
Ccna day3
Ccna day3Ccna day3
Ccna day3
Reetesh Gupta
 

Recently uploaded (20)

HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGYHUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
DHARMENDRA SAHU
 
How to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRMHow to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRM
Celine George
 
K-Circle-Weekly-Quiz-May2025_12345678910
K-Circle-Weekly-Quiz-May2025_12345678910K-Circle-Weekly-Quiz-May2025_12345678910
K-Circle-Weekly-Quiz-May2025_12345678910
PankajRodey1
 
Coleoptera: The Largest Insect Order.pptx
Coleoptera: The Largest Insect Order.pptxColeoptera: The Largest Insect Order.pptx
Coleoptera: The Largest Insect Order.pptx
Arshad Shaikh
 
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
Arshad Shaikh
 
Order: Odonata Isoptera and Thysanoptera.pptx
Order: Odonata Isoptera and Thysanoptera.pptxOrder: Odonata Isoptera and Thysanoptera.pptx
Order: Odonata Isoptera and Thysanoptera.pptx
Arshad Shaikh
 
Types of Actions in Odoo 18 - Odoo Slides
Types of Actions in Odoo 18 - Odoo SlidesTypes of Actions in Odoo 18 - Odoo Slides
Types of Actions in Odoo 18 - Odoo Slides
Celine George
 
Dashboard Overview in Odoo 18 - Odoo Slides
Dashboard Overview in Odoo 18 - Odoo SlidesDashboard Overview in Odoo 18 - Odoo Slides
Dashboard Overview in Odoo 18 - Odoo Slides
Celine George
 
LDMMIA Free Reiki Yoga S7 Weekly Workshops
LDMMIA Free Reiki Yoga S7 Weekly WorkshopsLDMMIA Free Reiki Yoga S7 Weekly Workshops
LDMMIA Free Reiki Yoga S7 Weekly Workshops
LDM & Mia eStudios
 
LDMMIA Bonus GUEST GRAD Student Check-in
LDMMIA Bonus GUEST GRAD Student Check-inLDMMIA Bonus GUEST GRAD Student Check-in
LDMMIA Bonus GUEST GRAD Student Check-in
LDM & Mia eStudios
 
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
wygalkelceqg
 
Stewart Butler - OECD - How to design and deliver higher technical education ...
Stewart Butler - OECD - How to design and deliver higher technical education ...Stewart Butler - OECD - How to design and deliver higher technical education ...
Stewart Butler - OECD - How to design and deliver higher technical education ...
EduSkills OECD
 
Pragya Champion's Chalice 2025 Set , General Quiz
Pragya Champion's Chalice 2025 Set , General QuizPragya Champion's Chalice 2025 Set , General Quiz
Pragya Champion's Chalice 2025 Set , General Quiz
Pragya - UEM Kolkata Quiz Club
 
How to Create Time Off Request in Odoo 18 Time Off
How to Create Time Off Request in Odoo 18 Time OffHow to Create Time Off Request in Odoo 18 Time Off
How to Create Time Off Request in Odoo 18 Time Off
Celine George
 
State institute of educational technology
State institute of educational technologyState institute of educational technology
State institute of educational technology
vp5806484
 
Uterine Prolapse, causes type and classification,its managment
Uterine Prolapse, causes type and classification,its managmentUterine Prolapse, causes type and classification,its managment
Uterine Prolapse, causes type and classification,its managment
Ritu480198
 
Introduction to Online CME for Nurse Practitioners.pdf
Introduction to Online CME for Nurse Practitioners.pdfIntroduction to Online CME for Nurse Practitioners.pdf
Introduction to Online CME for Nurse Practitioners.pdf
CME4Life
 
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
Sritoma Majumder
 
Critical Thinking and Bias with Jibi Moses
Critical Thinking and Bias with Jibi MosesCritical Thinking and Bias with Jibi Moses
Critical Thinking and Bias with Jibi Moses
Excellence Foundation for South Sudan
 
Exploring Identity Through Colombian Companies
Exploring Identity Through Colombian CompaniesExploring Identity Through Colombian Companies
Exploring Identity Through Colombian Companies
OlgaLeonorTorresSnch
 
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGYHUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
HUMAN SKELETAL SYSTEM ANATAMY AND PHYSIOLOGY
DHARMENDRA SAHU
 
How to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRMHow to Create a Stage or a Pipeline in Odoo 18 CRM
How to Create a Stage or a Pipeline in Odoo 18 CRM
Celine George
 
K-Circle-Weekly-Quiz-May2025_12345678910
K-Circle-Weekly-Quiz-May2025_12345678910K-Circle-Weekly-Quiz-May2025_12345678910
K-Circle-Weekly-Quiz-May2025_12345678910
PankajRodey1
 
Coleoptera: The Largest Insect Order.pptx
Coleoptera: The Largest Insect Order.pptxColeoptera: The Largest Insect Order.pptx
Coleoptera: The Largest Insect Order.pptx
Arshad Shaikh
 
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
"Orthoptera: Grasshoppers, Crickets, and Katydids pptx
Arshad Shaikh
 
Order: Odonata Isoptera and Thysanoptera.pptx
Order: Odonata Isoptera and Thysanoptera.pptxOrder: Odonata Isoptera and Thysanoptera.pptx
Order: Odonata Isoptera and Thysanoptera.pptx
Arshad Shaikh
 
Types of Actions in Odoo 18 - Odoo Slides
Types of Actions in Odoo 18 - Odoo SlidesTypes of Actions in Odoo 18 - Odoo Slides
Types of Actions in Odoo 18 - Odoo Slides
Celine George
 
Dashboard Overview in Odoo 18 - Odoo Slides
Dashboard Overview in Odoo 18 - Odoo SlidesDashboard Overview in Odoo 18 - Odoo Slides
Dashboard Overview in Odoo 18 - Odoo Slides
Celine George
 
LDMMIA Free Reiki Yoga S7 Weekly Workshops
LDMMIA Free Reiki Yoga S7 Weekly WorkshopsLDMMIA Free Reiki Yoga S7 Weekly Workshops
LDMMIA Free Reiki Yoga S7 Weekly Workshops
LDM & Mia eStudios
 
LDMMIA Bonus GUEST GRAD Student Check-in
LDMMIA Bonus GUEST GRAD Student Check-inLDMMIA Bonus GUEST GRAD Student Check-in
LDMMIA Bonus GUEST GRAD Student Check-in
LDM & Mia eStudios
 
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
Active Surveillance For Localized Prostate Cancer A New Paradigm For Clinical...
wygalkelceqg
 
Stewart Butler - OECD - How to design and deliver higher technical education ...
Stewart Butler - OECD - How to design and deliver higher technical education ...Stewart Butler - OECD - How to design and deliver higher technical education ...
Stewart Butler - OECD - How to design and deliver higher technical education ...
EduSkills OECD
 
Pragya Champion's Chalice 2025 Set , General Quiz
Pragya Champion's Chalice 2025 Set , General QuizPragya Champion's Chalice 2025 Set , General Quiz
Pragya Champion's Chalice 2025 Set , General Quiz
Pragya - UEM Kolkata Quiz Club
 
How to Create Time Off Request in Odoo 18 Time Off
How to Create Time Off Request in Odoo 18 Time OffHow to Create Time Off Request in Odoo 18 Time Off
How to Create Time Off Request in Odoo 18 Time Off
Celine George
 
State institute of educational technology
State institute of educational technologyState institute of educational technology
State institute of educational technology
vp5806484
 
Uterine Prolapse, causes type and classification,its managment
Uterine Prolapse, causes type and classification,its managmentUterine Prolapse, causes type and classification,its managment
Uterine Prolapse, causes type and classification,its managment
Ritu480198
 
Introduction to Online CME for Nurse Practitioners.pdf
Introduction to Online CME for Nurse Practitioners.pdfIntroduction to Online CME for Nurse Practitioners.pdf
Introduction to Online CME for Nurse Practitioners.pdf
CME4Life
 
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
CBSE - Grade 11 - Mathematics - Ch 2 - Relations And Functions - Notes (PDF F...
Sritoma Majumder
 
Critical Thinking and Bias with Jibi Moses
Critical Thinking and Bias with Jibi MosesCritical Thinking and Bias with Jibi Moses
Critical Thinking and Bias with Jibi Moses
Excellence Foundation for South Sudan
 
Exploring Identity Through Colombian Companies
Exploring Identity Through Colombian CompaniesExploring Identity Through Colombian Companies
Exploring Identity Through Colombian Companies
OlgaLeonorTorresSnch
 

Learn OSPF(Open Short Path First) routing to day

  • 2. Characteristics of OSPF’s hierarchical design First, let’s start with a review of the characteristics of OSPF’s hierarchical design. Recall that OSPF allows for the creation of multiple areas so that the network administrator can:  Reduce the size of routing tables  Isolate topology changes as much as possible to the area in which they occur  Allow only summary Link state advertisements (LSA) updates to cross area boundaries and Reap all the benefits of using a hierarchical addressing scheme.
  • 3.  Minimizes routing table entries  Localizes impact of a topology change within an area  Detailed Link State Advertisement (LSA) flooding stops at the area boundary  Requires a hierarchical network design OSPF Areas Review of OSPF area characteristics:
  • 4.  Transit Area: Also known as Backbone Area 0  Regular Area: Also known as Nonbackbone areas OSPF Areas New terminology for areas:
  • 5. OSPF Areas •The backbone area is also referred to as a transit area. •Another type of transit area is one that is configured with virtual links. •Virtual links are a temporary solution when an organization has two backbones that are physically and logically disconnected. •A virtual link between the two backbones is also called a transit area. •All other areas are known as regular areas (standard areas, stub areas, totally stubby areas, and NSSAs)
  • 6. OSPF Database • OSPF maintains three databases • Adjacency Database (show ip ospf neighbor) • Link-state Database (show ip ospf database) • Forwarding Database (show ip route)
  • 7. OSPF Database • Remember that OSPF uses three databases in its operation:  The Adjacency Database is a table listing all OSPF neighbors with which the local router has established bidirectional communication. Display this table with the show ip ospf neighbor command.  The Link-state Database is a table listing all other routers in the network. This database shows the network topology. All OSPF routers in the same area have identical Link-state Databases. Display this table with the show ip ospf database command.  The Forwarding Database is simply the routing table. It includes a list of all routes generated when the SPF algorithm is calculated on the Link-state Database. Display this table with the show ip route command.
  • 8. What is LSDB? • LSDB is an acronym for Link-state Database. • LSAs and the Link-state Database
  • 9. LSA Sequence Numbering • Each LSA in the LSDB maintains a sequence number. • The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7…..F. • OSPF floods each LSA every 30 minutes to maintain proper database synchronization. Each time the LSA is flooded, the sequence number is incremented by one. • Ultimately, an LSA sequence number will wrap around to 0x80000001. When this occurs, the existing LSA is prematurely aged to maxage (one hour) and flushed. • When a router encounters two instances of an LSA, it must determine which is more recent. The LSA having the newer (higher) LS sequence number is more recent.
  • 10. The OSPF Link-State Database • The show ip ospf database command displays the current LSDB for the local router. . RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5
  • 11. RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 106 0x80000006 0x00D3B1 5 192.168.1.253 192.168.1.253 58 0x80000007 0x009D92 5 RTC#show ip ospf database OSPF Router with ID (192.168.1.253) (Process ID 3) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5 192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5 Verifying LSA Age and Sequence Number • In the first output below, notice the age timer will expire sometime after 1800 seconds or 30 minutes.  A few minutes later, the router has received an LSU for both links. Note the refreshed age timer and incremented sequence number.
  • 13. Configuring OSPF • An excellent resource for information on the many different OSPF configurations is the Cisco white paper, “Configuring OSPF”, which can be downloaded from the Cisco website: http://www.cisco.com/en/US/products/sw/ iosswrel/ps1835/ products_configuration_guide_chapter09186a00 800b3f2e.html
  • 14. router ospf process-id [vrf vpn-name] Router(config)#  Enable one or more OSPF routing processes. Configuring Basic OSPF network ip-address wildcard-mask area area-id Router(config-router)#  Define the interfaces that OSPF will run on. Router(config-if)# ip ospf process-id area area-id [secondaries none]  Optional method to enable OSPF explicitly on an interface.
  • 15. Configuring OSPF for Multiple Areas Example: Configuring OSPF for Multiple Areas The figure shows an example of multiarea OSPF configuration. Router A is in area 0, router C is in area 1, and router B is the area border router (ABR) between the two areas. The configuration for router A is nothing new. However although Router B has a network statement for area 0 within the OSPF routing process, notice that the configuration for area 1 uses the ip ospf 50 area 1 command on the interface. Alternatively, we could have used a separate network router configuration command in the OSPF routing process.
  • 16. OSPF Router ID • The router is known to OSPF by the OSPF router ID number • LSDBs use the OSPF router ID to differentiate one router from the next. • By default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup. If no interface is up when the OSPF process starts, you will get the following error message: p5r2(config)#router ospf 1 2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start. • A loopback interface can override the OSPF router ID. If a loopback interface exists, the router ID is the highest IP address on any active loopback interface. • The OSPF router-id command can be used to override the OSPF router ID. • Using a loopback interface or a router-id command is recommended for stability.
  • 17. router-id ip-address  This command is configured under the router ospf [process-id] command.  Any unique arbitrary 32-bit value in an IP address format (dotted decimal) can be used.  If this command is used on an OSPF process that is already active, then the new router ID takes effect after the next reload or after a manual restarting of the OSPF process using: OSPF router-id Command Router(config-router)# Router(config)#router ospf 1 Router(config-router)#router-id 172.16.1.1 Router#clear ip ospf process Router#clear ip ospf process
  • 18. Virtual Link Concepts and Configuration
  • 19. Virtual Links • Virtual links are used to connect a discontiguous area to area 0. • A logical connection is built between router A and router B. • Virtual links are recommended for backup or temporary connections.
  • 20. Special Treatment for LSAs on Virtual Links • LSAs usually age out after 30 minutes • LSAs learned across virtual links have the DoNotAge (DNA) option set • Required to prevent excessive flooding over virtual links
  • 21. Configuring Virtual Links • Creates a virtual link • Optional parameters are used in place of interface ip ospf commands area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]] Router(config-router)#
  • 22. RouterA#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.2.2.2 is up Run as demand circuit DoNotAge LSA allowed. Transit area 1, via interface Serial0/0/1, Cost of using 781 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:07 Adjacency State FULL (Hello suppressed) Index 1/2, retransmission queue length 0, number of retransmission 1 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 1 Last retransmission scan time is 0 msec, maximum is 0 msec Configuring and Verifying a Virtual Link
  • 24. • OSPF supports 2 types of authentication: •Simple password authentication (plain text) •MD5 authentication • Router generates and checks each packet and authenticates the source of each update packet it receives • Configure a “key” (password) •Note: all participating neighbors must have the same key configured OSPF Authentication Types
  • 25. Configuring Simple Password Authentication ip ospf authentication-key password Router(config-if)# • Assign a password to be used with neighboring routers. Router(config-if)# ip ospf authentication [message-digest | null] • Specifies the authentication type for an interface (since IOS 12.0). Router(config-router)# area area-id authentication [message-digest] • Specifies the authentication type for an area (was in IOS before 12.0).
  • 26. Example Simple Password Authentication Configuration
  • 27. R2 Configuration for Simple Password Authentication <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication ip ospf authentication-key plainpas <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
  • 28. Verifying Simple Password Authentication R1#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
  • 29. Configuring OSPF MD5 Authentication • Specifies the authentication type for an area (was in IOS before 12.0). area area-id authentication [message-digest] • Specifies the authentication type for an interface (since IOS 12.0). ip ospf authentication [message-digest | null] ip ospf message-digest-key key-id md5 key Router(config-if)# • Assign a key ID and key to be used with neighboring routers. Router(config-if)# Router(config-router)#
  • 31. R2 Configuration for MD5 Authenticaiton <output omitted> interface Loopback0 ip address 10.2.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 ip address 192.168.1.102 255.255.255.224 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 secretpass <output omitted> router ospf 10 log-adjacency-changes network 10.2.2.2 0.0.0.0 area 0 network 192.168.1.0 0.0.0.255 area 0
  • 32. Verifying MD5 Authentication R1#sho ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1 R1#show ip route <output omitted> Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 R1#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
  • 33. Troubleshooting Simple Password Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on R1# <output omitted> *Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x9B6 opt 0x52 flag 0x7 len 32 *Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23ED opt0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23ED opt 0x52 flag 0x2 len 72 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:34 192.168.1.102 Serial0/0/1 • Displays the OSPF adjacency-related events. debug ip ospf adj Router#
  • 34. Troubleshooting Simple Password Authentication Problems R1# *Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - Clear Text R2# *Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - Clear Text Simple authentication on R1 and R2, but different passwords: R1# *Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1 R2# *Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0 Simple authentication on R1, no authentication on R2:
  • 35. Troubleshooting MD5 Authentication R1#debug ip ospf adj OSPF adjacency events debugging is on <output omitted> *Feb 17 17:14:06.530: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY *Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt 0x52 flag 0x7 len 32 *Feb 17 17:14:06.546: OSPF: Send with youngest Key 1 *Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART *Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE *Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt 0x52 flag 0x2 len 72 *Feb 17 17:14:06.562: OSPF: Send with youngest Key 1 <output omitted> R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1
  • 36. Troubleshooting MD5 Authentication Problems MD5 authentication on both R1 and R2, but R1 has key 1 and R2 has key 2, both with the same passwords: R1# *Feb 17 17:56:16.530: OSPF: Send with youngest Key 1 *Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - No message digest key 2 on interface *Feb 17 17:56:26.530: OSPF: Send with youngest Key 1 R2# *Feb 17 17:55:28.226: OSPF: Send with youngest Key 2 *Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - No message digest key 1 on interface *Feb 17 17:55:38.226: OSPF: Send with youngest Key 2
  • 37. LAB Configuration of Dynamic Routing-OSPF How to configure OSPF Routing Protocol
  • 38. Routing Resources 1. Static Routing Configuration Guide with Examples 2. RIP Protocol configuration Guide with Examples 3. Basic OSPF Configuration 4. OSPF Routing Protocol Overview - Study CCNA 5. How to Configure EIGRP on Cisco Routers (With Example)

Editor's Notes

  • #14: Step 1: Enable the OSPF process on the router using the router ospf command. The process-id is an internally used number to identify the OSPF routing process. The process ID does not need to match process IDs on other routers. Running multiple OSPF processes on the same router is not recommended because it creates multiple database instances that add extra overhead. However, if you are routing for multiple VPN routing and forwarding instances, the each VRF needs its own routing process. The vrf vpn-name option specifies the name of the VPN routing and forwarding (VRF) instance to associate with OSPF VRF processes. For more information on configuring VRF and OSPF refer to the following Cisco link: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008045577b.html Step 2: Identify which interfaces on the router are part of the OSPF process, using the network command, as shown in the figure. We are all familiar with this command. The ip ospf process-id area area-id interface command is a completely new command starting with Cisco IOS Release 12.3(11)T. With this command, you can enable OSPF directly on an interface, which simplifies the configuration of unnumbered interfaces. Because the command is configured explicitly for the interface, it will take precedence over the network area command. The secondaries none option will prevent secondary IP addresses on the interface from being advertised.
  • #21: We are already familiar with how to configure a basic virtual link. Simply use the area area-id virtual-link router-id router configuration command on each side of the link to define an OSPF virtual link. However, notice all the optional parameters that we can configure for the virtual link. If necessary for the virtual link, authentication and timing intervals must be configured here because the link is virtual. The equivalent ip ospf commands on the physical interface will not apply to traffic on the virtual link.
  • #26: The figure shows the network used to illustrate the configuration, verification, and troubleshooting of simple password authentication in the next few slides. The configuration of the R1 router is shown in this figure as well. Simple password authentication is configured on interface serial 0/0/1 with the ip ospf authentication command. The interface is configured with an authentication key of plainpas.
  • #27: Simple password authentication is configured on interface serial 0/0/1 with the ip ospf authentication command. The interface is configured with an authentication key of plainpas. Notice that the connecting interfaces on both R1 and R2 are configured for the same type of authentication with the same authentication key.
  • #28: The figure shows the output of the show ip ospf neighbor and show ip route commands. The neighbor state is FULL, indicating that the two routers have successfully formed an OSPF adjacency. The routing table verifies that the 10.2.2.2 address has been learned via OSPF over the serial connection. The results of a ping to the R2 loopback interface address is also displayed to illustrate that the link is working.
  • #29: MD5 authentication involved a 2-step process. To configure OSPF MD5 authentication, complete the following steps: Assign a key ID and key to be used with neighboring routers that are using the OSPF MD5 authentication, using the ip ospf message-digest-key command, as shown in the figure. The key and the key-id specified in this command are used to generate a message digest (also called a hash) of each OSPF packet; the message digest is appended to the packet. A separate password can be assigned to each network on a per-interface basis. The key-id allows for uninterrupted transitions between keys, which is helpful for administrators who wish to change the OSPF password without disrupting communication. The router will stop sending duplicate packets once it detects that all of its neighbors have adopted the new key. The process of changing keys is as follows. Suppose the current configuration is as follows: interface FastEthernet 0/0  ip ospf message-digest-key 100 md5 OLD Change the configuration to the following: interface FastEthernet 0/0  ip ospf message-digest-key 101 md5 NEW The system assumes its neighbors do not have the new key yet, so it begins a rollover process. Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key. Rollover stops once the local system finds that all its neighbors know the new key. The system detects that a neighbor has the new key when it receives packets from the neighbor authenticated by the new key. Cisco recommends that you not keep more than one key per interface. Every time you add a new key, you should remove the old key to prevent the local system from continuing to communicate with a hostile system that knows the old key. Specify the authentication type using the ip ospf authentication command as shown in the figure. The parameters for this command are as described in the previous topic. For MD5 authentication, use the ip ospf authentication command with the message-digest parameter. Before using this command, configure the message digest key for the interface with the ip ospf message-digest-key command. Recall that the ip ospf authentication command was introduced in Cisco IOS Software Release 12.0. As it is for simple password authentication, the MD5 authentication type for an area is still supported using the area area-id authentication message-digest router configuration command, for backward compatibility. NOTE: Limit to interfaces where attacks are possible

Download presentation

Your download has started